authorenahum <nahumhbl@gmail.com>2016-08-03 12:19:27 -0500
committerHarrison Healey <harrisonmhealey@gmail.com>2016-08-03 13:19:27 -0400
commit5bc3cea6fe4a909735753692d0c4cd960e8ab516 (patch)
tree85715d9fcbc146a9672d84c9a1ea1e96b6e71231 /web
parentea027c8de44d44b6ac4e66ab802e675d315b0be5 (diff)
PLT-3484 OAuth2 Service Provider (#3632)
* PLT-3484 OAuth2 Service Provider * PM text review for OAuth 2.0 Service Provider * PLT-3484 OAuth2 Service Provider UI tweaks (#3668) * Tweaks to help text * Pushing OAuth improvements (#3680) * Re-arrange System Console for OAuth 2.0 Provider
Diffstat (limited to 'web')
-rw-r--r--web/web_test.go185
1 files changed, 94 insertions, 91 deletions
diff --git a/web/web_test.go b/web/web_test.go
index 40eba5ff2..5f74430fa 100644
--- a/web/web_test.go
+++ b/web/web_test.go
@@ -72,122 +72,125 @@ func TestGetAccessToken(t *testing.T) {
app := &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
- if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider {
- data := url.Values{"grant_type": []string{"junk"}, "client_id": []string{"12345678901234567890123456"}, "client_secret": []string{"12345678901234567890123456"}, "code": []string{"junk"}, "redirect_uri": []string{app.CallbackUrls[0]}}
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = false
+ data := url.Values{"grant_type": []string{"junk"}, "client_id": []string{"12345678901234567890123456"}, "client_secret": []string{"12345678901234567890123456"}, "code": []string{"junk"}, "redirect_uri": []string{app.CallbackUrls[0]}}
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - oauth providing turned off")
- }
- } else {
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - oauth providing turned off")
+ }
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
- ApiClient.Must(ApiClient.LoginById(ruser.Id, "passwd1"))
- ApiClient.SetTeamId(rteam.Data.(*model.Team).Id)
- app = ApiClient.Must(ApiClient.RegisterApp(app)).Data.(*model.OAuthApp)
+ ApiClient.Must(ApiClient.LoginById(ruser.Id, "passwd1"))
+ ApiClient.SetTeamId(rteam.Data.(*model.Team).Id)
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+ app = ApiClient.Must(ApiClient.RegisterApp(app)).Data.(*model.OAuthApp)
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true
- redirect := ApiClient.Must(ApiClient.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, app.CallbackUrls[0], "all", "123")).Data.(map[string]string)["redirect"]
- rurl, _ := url.Parse(redirect)
+ redirect := ApiClient.Must(ApiClient.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, app.CallbackUrls[0], "all", "123")).Data.(map[string]string)["redirect"]
+ rurl, _ := url.Parse(redirect)
- ApiClient.Logout()
+ teamId := rteam.Data.(*model.Team).Id
- data := url.Values{"grant_type": []string{"junk"}, "client_id": []string{app.Id}, "client_secret": []string{app.ClientSecret}, "code": []string{rurl.Query().Get("code")}, "redirect_uri": []string{app.CallbackUrls[0]}}
+ ApiClient.Logout()
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - bad grant type")
- }
+ data = url.Values{"grant_type": []string{"junk"}, "client_id": []string{app.Id}, "client_secret": []string{app.ClientSecret}, "code": []string{rurl.Query().Get("code")}, "redirect_uri": []string{app.CallbackUrls[0]}}
- data.Set("grant_type", model.ACCESS_TOKEN_GRANT_TYPE)
- data.Set("client_id", "")
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - missing client id")
- }
- data.Set("client_id", "junk")
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - bad client id")
- }
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - bad grant type")
+ }
- data.Set("client_id", app.Id)
- data.Set("client_secret", "")
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - missing client secret")
- }
+ data.Set("grant_type", model.ACCESS_TOKEN_GRANT_TYPE)
+ data.Set("client_id", "")
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - missing client id")
+ }
+ data.Set("client_id", "junk")
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - bad client id")
+ }
- data.Set("client_secret", "junk")
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - bad client secret")
- }
+ data.Set("client_id", app.Id)
+ data.Set("client_secret", "")
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - missing client secret")
+ }
- data.Set("client_secret", app.ClientSecret)
- data.Set("code", "")
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - missing code")
- }
+ data.Set("client_secret", "junk")
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - bad client secret")
+ }
- data.Set("code", "junk")
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - bad code")
- }
+ data.Set("client_secret", app.ClientSecret)
+ data.Set("code", "")
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - missing code")
+ }
- data.Set("code", rurl.Query().Get("code"))
- data.Set("redirect_uri", "junk")
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - non-matching redirect uri")
- }
+ data.Set("code", "junk")
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - bad code")
+ }
- // reset data for successful request
- data.Set("grant_type", model.ACCESS_TOKEN_GRANT_TYPE)
- data.Set("client_id", app.Id)
- data.Set("client_secret", app.ClientSecret)
- data.Set("code", rurl.Query().Get("code"))
- data.Set("redirect_uri", app.CallbackUrls[0])
+ data.Set("code", rurl.Query().Get("code"))
+ data.Set("redirect_uri", "junk")
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - non-matching redirect uri")
+ }
- token := ""
- if result, err := ApiClient.GetAccessToken(data); err != nil {
- t.Fatal(err)
- } else {
- rsp := result.Data.(*model.AccessResponse)
- if len(rsp.AccessToken) == 0 {
- t.Fatal("access token not returned")
- } else {
- token = rsp.AccessToken
- }
- if rsp.TokenType != model.ACCESS_TOKEN_TYPE {
- t.Fatal("access token type incorrect")
- }
- }
+ // reset data for successful request
+ data.Set("grant_type", model.ACCESS_TOKEN_GRANT_TYPE)
+ data.Set("client_id", app.Id)
+ data.Set("client_secret", app.ClientSecret)
+ data.Set("code", rurl.Query().Get("code"))
+ data.Set("redirect_uri", app.CallbackUrls[0])
- if result, err := ApiClient.DoApiGet("/users/profiles?access_token="+token, "", ""); err != nil {
- t.Fatal(err)
+ token := ""
+ if result, err := ApiClient.GetAccessToken(data); err != nil {
+ t.Fatal(err)
+ } else {
+ rsp := result.Data.(*model.AccessResponse)
+ if len(rsp.AccessToken) == 0 {
+ t.Fatal("access token not returned")
} else {
- userMap := model.UserMapFromJson(result.Body)
- if len(userMap) == 0 {
- t.Fatal("user map empty - did not get results correctly")
- }
+ token = rsp.AccessToken
}
-
- if _, err := ApiClient.DoApiGet("/users/profiles", "", ""); err == nil {
- t.Fatal("should have failed - no access token provided")
+ if rsp.TokenType != model.ACCESS_TOKEN_TYPE {
+ t.Fatal("access token type incorrect")
}
+ }
- if _, err := ApiClient.DoApiGet("/users/profiles?access_token=junk", "", ""); err == nil {
- t.Fatal("should have failed - bad access token provided")
+ if result, err := ApiClient.DoApiGet("/users/profiles/"+teamId+"?access_token="+token, "", ""); err != nil {
+ t.Fatal(err)
+ } else {
+ userMap := model.UserMapFromJson(result.Body)
+ if len(userMap) == 0 {
+ t.Fatal("user map empty - did not get results correctly")
}
+ }
- ApiClient.SetOAuthToken(token)
- if result, err := ApiClient.DoApiGet("/users/profiles", "", ""); err != nil {
- t.Fatal(err)
- } else {
- userMap := model.UserMapFromJson(result.Body)
- if len(userMap) == 0 {
- t.Fatal("user map empty - did not get results correctly")
- }
- }
+ if _, err := ApiClient.DoApiGet("/users/profiles/"+teamId, "", ""); err == nil {
+ t.Fatal("should have failed - no access token provided")
+ }
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - tried to reuse auth code")
+ if _, err := ApiClient.DoApiGet("/users/profiles/"+teamId+"?access_token=junk", "", ""); err == nil {
+ t.Fatal("should have failed - bad access token provided")
+ }
+
+ ApiClient.SetOAuthToken(token)
+ if result, err := ApiClient.DoApiGet("/users/profiles/"+teamId, "", ""); err != nil {
+ t.Fatal(err)
+ } else {
+ userMap := model.UserMapFromJson(result.Body)
+ if len(userMap) == 0 {
+ t.Fatal("user map empty - did not get results correctly")
}
+ }
- ApiClient.ClearOAuthToken()
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - tried to reuse auth code")
}
+
+ ApiClient.ClearOAuthToken()
}
func TestIncomingWebhook(t *testing.T) {
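Review bot: The flag flips added on the new side (`utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = false` … `= true` before the login, and `*utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false` … `= true` around `RegisterApp`) are undone only by straight-line code, so a `t.Fatal` in the "oauth providing turned off" check or a panic from `ApiClient.Must` leaves the shared `utils.Cfg` in the permissive state for every test that runs afterwards. Save the prior value and restore it with a defer instead, e.g. `origAdminOnly := *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations`, `*utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false`, `defer func() { *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = origAdminOnly }()`, and the same three-line pattern for `EnableOAuthServiceProvider` at the top of the function. That also removes the hard-coded `= true` resets, which assume a baseline the hunk does not show. The enclosing `TestGetAccessToken` starts before the hunk's first line.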